Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems Security Cryptography Domain #3.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Systems Security Cryptography Domain #3."— Presentation transcript:

1 Information Systems Security Cryptography Domain #3

2 Cryptography Now and Before  In the past – mainly used for confidentiality  Today –Still used for confidentiality –Data integrity –Source authentication –Non-repudiation

3 Definitions  Cryptography –Hiding the meaning of communication  Cipher –Transforms characters or bits into an unreadable format  Cryptographic Algorithm –Procedure that turns readable data into an unreadable format (usually through mathematical formulas

4 More Definitions  Cryptanalysis –Science of studying and breaking encryption mechanisms  Cryptology –Study of cryptography and cryptanalysis  Key Clustering –When two keys generate the same ciphertext from the same plaintext

5 MORE Definitions  Cryptosystem –Encompasses all of the components for encryption and decryption  Plaintext –Readable format / decrypted  Ciphertext –Unreadable format / encrypted  Work Factor –Time, effort, and resources necessary to break a cryptosystem (should be too high for compromise)

6 Symmetric Cryptography  Two instances of the same key –One key used for encryption and decryption –Sender/receiver use same key (public/shared)  Key distribution a problem  Secure 2 nd channel needed or offline  Does not implement non-repudiation

7 Historical Symmetric Keys  Hieroglyphics –Recorded in use in 2000 B.C. –1 st known type of cryptography –Only certain people knew the symbols –Used to glorify the life of deceased

8 Scytale Cipher  Paper or leather was wrapped around a rod  Message was written on paper and delivered by messenger  Sender and receiver had to have rod of same diameter  Was used around 400 B.C.  Transposition Cipher

9 Caesar Cipher  Symmetric cipher  Keys shifted ‘n’ number of letters  Also referred to as a shift cipher  If one alphabet is used – monoalphabetic substitution  If two alphabets are used – polyalphabetic substitution

10 Example  Decode the following messages:  UIJT POF JT FBTA

11 Vigenere Cipher  Polyalphabetic substitution cipher  Proposed by court of King Henry III  An extension of the Caesar Cipher  Strength is no frequency analysis can be performed

12 Enigma Machine  Rotor cipher used polyalphabetic substitution  Employed in WWII  Symmetric – original setting of rotors and how rotors moved must be the same  Sender entered characters and the rotors moved

13 Vernam Cipher  One-time pad –Only method that is completely secure –Still used today for backups encryption method –Senders uses one-time pad to encrypt and receiver uses twin to decrypt

14 Vernam  Deemed unbreakable if: –Pad is truly random values –Used only once –Securely distributed –Securely stored –Pad is at least as long as message

15 Key & Algorithm Relationship  Key – long string of values  Algorithm – group of mathematical equations that can be used for the encryption process  Used together – key values are used by the algorithm to indicate which equations to use, in what order, and with what values

16 Breaking Cryptosystems  Brute Force –Attempts all possible combinations of a given key space to derive the key  Takes ciphertext, applies key, and sees if understandable plaintext is derived –How many possible keys?  40-bit key = 1 trillion  56-bit key = 72 quadrillion –Easily breakable due to Moore’s Law –In 1998, broke DES in three days with 1536 PCs running at 40 MHz

17 Frequency Analysis  Patterns in ciphertext are identified and matched back to plaintext  For example, the most common letters in the English language are “iron seat”  Allows attackers to reverse-engineer encryption process

18 Characteristics of Strong Algorithms  Confusion –Complexity of the process to increase the workfactor of reverse engineering –Interceptor should not be able to predict what changing one character will do to ciphertext  Diffusion –Component going through an encryption should have MANY things take place –Change should affect many part of the ciphertext

19 Kerckhoff’s Principle  Only secrecy involved with cryptography should be the key  Should not base security on figuring out the algorithm  Algorithms should be publicly known  Government does NOT agree

20 Type of Ciphers Used Today  Substitution Methods  Transposition Methods  Symmetric Ciphers –Block –Stream  Asymmetric Ciphers

21 Encryption/Decryption  Substitution –Substitute one bit for another –Destination has to have the correct key to indicate how to substitute  Transposition –Bits are moved to new place in stream –No new bits are introduced –Destination must have correct key to unscramble

22 Symmetric – Block Cipher  Message is divided into blocks and put through mathematical function  Each block is encrypted separately  While message is not encrypted as one entity  Best used in software implementation

23 S-Box  Substitution box is common component  Table where a lookup using a few bits as an index yields some other bits  For example, in an 8 by 32 s-box, you enter with 8 bits and come out with 32  DES uses 6 by 4 boxes  Blowfish uses 8 by 32 boxes

24 Symmetric Stream Cipher  Encrypts individual bits of the message  Bits are X-ORed with a bit from message  Stream algorithms have keystroke generators  Best used in hardware implementations  Caesar cipher is an example

25 Message Authentication Code (MAC)  MACs are computed and verified with same key  Four types –Unconditionally secure  One time pad –Has function-based MAC (HMAC)  Uses key with hash function (MD5) –Stream – broken into two substreams –Block – encrypt message and output final block of ciphertext as checksum (DES)

26 Digital Signatures  Provide Authenticity and Non-Repudiation –After hashed, MD value is encrypted with sender’s private key –Receiver validates the digital signature by decrypting it with the sender’s public key –Provides data integrity, authenticity, and non- repudiation

27 Digital Signature vs. MAC  Symmetric Cryptography –MAC = hash + symmetric key  Asymmetric Cryptography –DS = hash + asymmetric key

28 US Government Standard  Digital Signature Standard (DSS) –Secure hashing algorithm (SHA) must be used for message digest creation. –DSA, RSA, and ECDSA asymmetric algorithms can be used for digital signature creation  ECDSA = elliptic curve digital signature algorithm

29 Symmetric Algorithms  Data Encryption Standard (DES) – Break work in half and XOR several times. Became standard in 1977.  Triple DES – Encrypted/decrypted with 3 separate keys. Strength of 2 112.  Advanced Encryption Standard (AES) - Adopted in 1997 by NIST. Had larger block size then DES

30 Advantages of Symmetric  Very fast and secure method for confidentiality  Implemented in either hardware or software  Usually available at no cost to user

31 Disadvantages  Not able to provide non-repudiation  Can not provide access control or digital signatures  Need to share key

32 Security in Hashing  Strength of Hashing Algorithm –The hash should be computed over the entire message –Messages cannot be disclosed by MD value –Different messages should generate different MD values  Collision free  Resistant to birthday attacks

33 Hashing Issue  It is easier to find 2 messages that have the same MD than looking for one particular MD value on a message  Hashing value (n) Brute force to find hash value (2n) Brute force to find any 2 matching hash values 2(n/2)  Crux – A hashing algorithm that generates a larger MD value is less vulnerable to a bday attack than one that creates a smaller one

34 Key Management  Responsibilities –Secure key creation and distribution –Secure key recovery –Secure key storage and destruction  Characteristics –Split knowledge and control –Length of key –Never available in clear text

35 Asymmetric Key Algorithms Public Key Cryptography  No key exchange needed  Users can generate their own public/private key pairs and exchange them  If you receive a public key from Bob, how do you know it is really Bob?  Need a trusted third party to vouch for the identity of the owner of a public key

36 Asymmetric Keys  Allows non-repudiation and access control  Extremely slow  Output may be much larger than the plaintext  Hashing  Integrity  Digital Signatures

37 CA and RA Roles  Registration Authority –Accepts registration requests from users –Validates users identities –Passes request to CA  Certificate Authority –Creates digital signature –Binds identity to signature –Maintains certificate during lifetime  Verisign, Thawte, IP, Belsign, etc.

38 Example  Bob wants to participate in a PKI –Bob send request to RA –RA validates Bob’s identity –RA sends request to CA –CA generates certificate and sends to Bob –Bob’s identity is now bound to the public key that is embedded in the digital certificate

39 Components of PKI  Certificate Revocation Lists (CRL) –Certificates can become revoked –CRL is list of revoked certificates signed by CA –Method to tell others not to trust (compromised)  Certificate Directory –Storage of certificates –Usually publicly accessible –Each certificate is digitally signed

40 Steganography  Hiding information in media –No algorithm, key or encryption required –Hides data –Digital watermarks are used to detect –Messages can be sent without knowledge –Specialized tools to carry this out  Hide and Seek  Steg Detect

41 Email Standards  Pretty Good Privacy (PGP) –Free email client that provides security –Uses passphrases instead of passwords –Web of trust instead of hierarchy of CAs  PGP provides confidentiality via IDEA  Integrity via MD5

42 Secure Protocols  Secure Hypertext (SHTTP) –Protects each message –Older less used  HTTPS –HTTP runs on top of SSL  Provides secure communication channel  All messages are protected  Secure Socket Layer (SSL) –Netscape developed; requies PKI –Works at transport layer

43 Secure email Standard  Secure MIME (SMIME) –Secure Multipurpose Internet Mail Extension –Allows for encryption, hashing, and digital signatures to take place in a uniform manner –Email client vendors follow this standard  Transparent between different email clients

44 Secure Electronic Transaction  SET –Developed by Visa and Mastercard for more secure monetary transactions over the Internet –Uses PKI to protect sensitive data and authenticates each ‘hop’ in the transaction  Slow in acceptance and deployment  Goal to replace SSL  Slow the throughput of the transaction

45 Network Layer Protection  IPSec –Developed because IPv4 has no security –Sets up a secure channel between computers instead of between applications  Application secure channels provided by SSL –Network layer security –Provides host-to-host, host-to-subnet, and subnet-to-subnet connections

46 Key Issues with IPSec  Internet Key Exchange (IKE) –Used to negotiate the key exchange between two entities –Suite of ISAKMP and Oakley protocols  Internet Security Association and Key Management Protocol (ISAKMP) –Framework for key negotiation  Oakley Protocol –Negotiates key information using Diffie-Hellman algorithm

47 IPSec Modes of Operation  Transport Mode –Offers payload protection –Protects header up to the network layer  Tunnel Mode –Protects the whole packet –Includes payload and all headers –Creates a new IP header`

48 Attacks on Crypto  Ciphertext-only Attack –Attacker only has ciphertext –Goal to reverse the encryption process  Known plaintext attack –Attacker has ciphertext and plaintext  Chosen-plaintext attack –Attacker can choose what plaintext is encrypted  Chosen-ciphertext attack –Attacker can choose ciphertext to be decrypted

49 More Attacks  Replay Attack –Attacker obtains a set of credentials and sends them to authentication source –Timestamps and sequence numbers protect against this attack  Man in Middle Attack –Attacker injects itself between two users and reads messages –Sequence numbers and digital signatures protect against this attack

Download ppt "Information Systems Security Cryptography Domain #3."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Crytography Chapter 8.

Crytography Chapter 8.
1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.

1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.

Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography.

Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Principles of Information Security, 2nd edition2 Learning Objectives Upon completion of this material, you should be able to:  Describe the most significant.

Principles of Information Security, 2nd edition2 Learning Objectives Upon completion of this material, you should be able to:  Describe the most significant.
Cryptography Basic (cont)

Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies

Similar presentations

Ads by Google